GDPR in operation!

December 27th 2017

Following the GDPR and the Law on the Digital Republic, the Data Protection Bill has modified the I.T. and Liberties Law in order, on the one hand, to integrate the major GDPR reforms into national law and on the other hand, to add further obligations, whilst simplifying administrative formalities.

For the record

  • What is personal data?

It is information which enables an individual to be identified, directly or indirectly.

Example: a user I.D., a name, an identification number, location data, an on-line user I.D., or one or several specific features of his physical, physiological, genetic, psychological, economic, cultural or social identity.

  • What is “sensitive” personal data?

It is personal data mentioning an individual’s racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, the sexual activity or orientation as well as information relating to criminal sentences and offences.

  • What is processing?

It is an operation made on any support medium (hard or electronic copy) and applied to personal Data such as the collection, registration, organization, structuring, conservation, amendment or modification, extraction, consultation, utilization, communication by transfer, disclosure or any other form of provision, reconciliation or interconnection, limitation, erasure or destruction.

  • What is the GDPR?

The new European General Data Protection Regulationmore commonly referred to as the GDPR, was published on May 4, 2016 in the OJEU (Official Journal of the European Union) and shall be applicable as from May 25, 2018 to enhance the rights of persons whose Personal Data is processed and the obligations of economic players processing such personal Data. For more details, see our analysis of June 26, 2016.

The countdown has started to ensure compliance in order to avoid:

1. Loss of clientele:

If YOU do not intend to comply with these new regulations, YOUR CLIENTS will make the demand.

2. Significant financial penalties:

  • Between 10 and 20 million euros.
  • For groups between 2 and 4 % of the consolidated global annual turnover,
  • The greater amount shall be applicable.

3. Jeopardize your company’s reputation:

You intend to ensure that the privacy policy becomes a marketing and social protection pitch.

The new regulations require that you show and provide documentary proof of compliance.

Ydès shall be there to assist you in the process.

Jérôme SujkowskiJean-Christophe Chevallier